Keeping your website safe and locked tight is as important as locking your home when you head off on vacation. Even a quick trip to the store is enough time for a burglary to happen, so imagine how little time it takes to hack your site when you're not monitoring it.
Recently we have seen multiple customers' websites get hacked. The symptoms vary: your entire site is redirected to an unwanted site, your content is changed, or your site is turned into a spam or malware server, which gets it blocked by web filters and even by Google and Bing.
Often the customer's first reaction is that the host's server has been hacked, but this is rarely the case. If that were to happen, the hacker would gain access to all of the sites on that server, and this is rare. It is much more common that the hacker has gained access to your hosting files, and they do this through the same routes your web designer uses to upload the files.
How to Protect Your Site
- Strong Passwords. But which passwords? There are many passwords on your account, and your web designer sets up many of them to upload or modify your site. These include portal access (used to set up the hosting account and install apps), FTP (File Transfer Protocol, used to upload your site), and the CMS (Content Management System) login, which for many of our customers is their WordPress, Joomla, Drupal or Weebly administrator account. Each of these is a way a hacker can gain access to your site by repeatedly trying username and password combinations, better known as a brute force hack. For more information on what makes a strong password, check out this article.
- Update your CMS. All of the major CMS tools get regular updates. Some of them add new features or functionality, but many of them close security holes in the software that allow hackers to get into your site. It is important to keep your CMS up to date.
- Update your Database. Most of the CMS solutions use MySQL for the database that your site runs on. It is important to keep that database current for the same reasons as the CMS.
- Update Themes and Plugins. Hackers can also exploit themes and plugins to gain access to your site. Many of the CMS tools are free and community based, and anyone can create plugins and themes, so they are not always the most secure. Another reason to keep them up to date is to keep them compatible with the updated database and WordPress.
- Lock Account on Multiple Failed Attempts. This will depend on who you're hosting your website with and whether they support this option, but if they do, you can lock the account when there are multiple failed login attempts. Some will say this is a pain, but most hacks are simply guessing usernames and passwords. If you set the limit at 10, you will not enter your password incorrectly that many times, but a hacker will try hundreds or thousands of combinations in just a couple of hours.
- Managed Hosting. Many hosts, including ours, offer a managed hosting option. This automatically updates WordPress or another CMS, as well as many of the plugins, to keep you safe. Managed hosting is a little more expensive but much more secure. One thing to note: no host can be responsible if you use plugins that do not get updates and then cause conflicts or stop working after an update.
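To show how the lockout setting from the list above behaves, here is an added example (not code from this article or from any hosting panel) that replays constructed login attempts through a 10-failure lockout. The one-hour counting window, the 30-minute lock and the account names are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

MAX_FAILURES = 10      # threshold suggested in the article
WINDOW_SECONDS = 3600  # assumption: only failures in the last hour count
LOCK_SECONDS = 1800    # assumption: a lock lasts 30 minutes


class LoginLockout:
    """Per-account lockout after repeated failed logins (illustrative)."""

    def __init__(self):
        self.failures = defaultdict(deque)  # user -> timestamps of recent failures
        self.locked_until = {}              # user -> time the lock expires

    def record(self, user, success, now):
        """Process one login attempt and return 'ok', 'failed' or 'locked'."""
        if self.locked_until.get(user, 0) > now:
            return "locked"  # rejected without checking the password
        recent = self.failures[user]
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()  # forget failures older than the window
        if success:
            recent.clear()
            return "ok"
        recent.append(now)
        if len(recent) >= MAX_FAILURES:
            self.locked_until[user] = now + LOCK_SECONDS
            recent.clear()
        return "failed"


def replay(events, policy):
    """Run (timestamp, user, success) tuples through the policy; tally outcomes."""
    tally = defaultdict(lambda: defaultdict(int))
    for ts, user, success in sorted(events):
        tally[user][policy.record(user, success, ts)] += 1
    return {user: dict(counts) for user, counts in tally.items()}


def sample_events():
    """Constructed data: an owner who mistypes, and 200 guesses at 'admin'."""
    owner = [(0, "owner", False), (5, "owner", False),
             (9, "owner", False), (14, "owner", True)]
    guesses = [(100 + 2 * i, "admin", False) for i in range(200)]
    return owner + guesses


if __name__ == "__main__":
    print(replay(sample_events(), LoginLockout()))
```

The owner's three typos never reach the limit, while only 10 of the 200 guesses are checked against the password. Because the lock is keyed on the username, repeated bad guesses can also lock out the real owner, so some systems count failures per source address as well.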
The number one safety procedure: Backups. This is the most important, and I would recommend multiple backups. The first is a manual backup: back up your database in your hosting account, then transfer your entire site to your computer by FTP. This gives you a point in time at which you know your site is good. Unfortunately, many small businesses do not visit their site regularly and do not know when it was hacked. The second is an automated backup. I like UpdraftPlus Backups; it is a WordPress plugin that will automatically back up your site on a schedule and save it to one of many cloud storage apps, like Dropbox. I set up our site to do a weekly backup and keep 12 copies. This way I can roll back the site up to 12 weeks if I had to.